Analysis

  • max time kernel
    84s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/12/2022, 12:05

General

  • Target

    ef92a186f598fc351c1b8c73adac59897346f74693e20184e22cf5a8790e12fc.exe

  • Size

    241KB

  • MD5

    9560e96f4970da7414945afdc61865f3

  • SHA1

    5e7e77b730da64af5bc5ceb6e349b0568396f670

  • SHA256

    ef92a186f598fc351c1b8c73adac59897346f74693e20184e22cf5a8790e12fc

  • SHA512

    9e097f6cb905bdb546a13cc020d096f7ed7e52f3706045062bc40ca29b8ec550b5386922d0d485722e454a6ea769c5e2e55618a27bdb85e1db01d9430b6225cf

  • SSDEEP

    3072:X7PBbB4HfmhZOGjzmTfwQaIvDL3UZ50beEPDELg:X75BgfmhQ+SnL3k5WDE

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys (2 TTPs, 1 IoCs)

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef92a186f598fc351c1b8c73adac59897346f74693e20184e22cf5a8790e12fc.exe
    "C:\Users\Admin\AppData\Local\Temp\ef92a186f598fc351c1b8c73adac59897346f74693e20184e22cf5a8790e12fc.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:4572

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • memory/4572-132-0x0000000000520000-0x0000000000564000-memory.dmp

          Filesize

          272KB

        • memory/4572-133-0x0000000000400000-0x0000000000445000-memory.dmp

          Filesize

          276KB